package com.android.settings.security;

import android.R;
import android.app.ActivityManager;
import android.content.DialogInterface;
import android.content.Intent;
import android.content.pm.UserInfo;
import android.os.AsyncTask;
import android.os.Bundle;
import android.os.Process;
import android.os.RemoteException;
import android.os.UserHandle;
import android.os.UserManager;
import android.security.IKeyChainService;
import android.security.KeyChain;
import android.text.TextUtils;
import android.util.Log;
import android.widget.Toast;
import androidx.appcompat.app.AlertDialog;
import androidx.fragment.app.FragmentActivity;
import com.android.internal.widget.LockPatternUtils;
import com.android.settings.password.ChooseLockSettingsHelper;
import com.android.settings.vpn2.VpnUtils;
import com.android.settingslib.core.lifecycle.HideNonSystemOverlayMixin;

/* loaded from: input_file:com/android/settings/security/CredentialStorage.class */
public final class CredentialStorage extends FragmentActivity {
    private static final String TAG = "CredentialStorage";
    public static final String ACTION_INSTALL = "com.android.credentials.INSTALL";
    public static final String ACTION_RESET = "com.android.credentials.RESET";
    public static final int MIN_PASSWORD_QUALITY = 65536;
    private static final int CONFIRM_CLEAR_SYSTEM_CREDENTIAL_REQUEST = 1;
    private LockPatternUtils mUtils;
    private Bundle mInstallBundle;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/settings/security/CredentialStorage$InstallKeyInKeyChain.class */
    public class InstallKeyInKeyChain extends AsyncTask<Void, Void, Boolean> {
        final String mAlias;
        private final byte[] mKeyData;
        private final byte[] mCertData;
        private final byte[] mCaListData;
        private final int mUid;

        InstallKeyInKeyChain(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, int i) {
            this.mAlias = str;
            this.mKeyData = bArr;
            this.mCertData = bArr2;
            this.mCaListData = bArr3;
            this.mUid = i;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        public Boolean doInBackground(Void... voidArr) {
            try {
                KeyChain.KeyChainConnection bind = KeyChain.bind(CredentialStorage.this);
                try {
                    IKeyChainService service = bind.getService();
                    if (!service.installKeyPair(this.mKeyData, this.mCertData, this.mCaListData, this.mAlias, this.mUid)) {
                        Log.w(CredentialStorage.TAG, String.format("Failed installing key %s", this.mAlias));
                        if (bind != null) {
                            bind.close();
                        }
                        return false;
                    }
                    if (this.mUid == 1000 || this.mUid == -1) {
                        service.setUserSelectable(this.mAlias, true);
                    }
                    if (bind != null) {
                        bind.close();
                    }
                    return true;
                } catch (Throwable th) {
                    if (bind != null) {
                        try {
                            bind.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (RemoteException e) {
                Log.w(CredentialStorage.TAG, String.format("Failed to install key %s to uid %d", this.mAlias, Integer.valueOf(this.mUid)), e);
                return false;
            } catch (InterruptedException e2) {
                Log.w(CredentialStorage.TAG, String.format("Interrupted while installing key %s", this.mAlias), e2);
                Thread.currentThread().interrupt();
                return false;
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        public void onPostExecute(Boolean bool) {
            CredentialStorage.this.onKeyInstalled(this.mAlias, this.mUid, bool.booleanValue());
        }
    }

    /* loaded from: input_file:com/android/settings/security/CredentialStorage$ResetDialog.class */
    private class ResetDialog implements DialogInterface.OnClickListener, DialogInterface.OnDismissListener {
        private boolean mResetConfirmed;

        private ResetDialog() {
            AlertDialog create = new AlertDialog.Builder(CredentialStorage.this).setTitle(R.string.dialog_alert_title).setMessage(com.android.settings.R.string.credentials_reset_hint).setPositiveButton(R.string.ok, this).setNegativeButton(R.string.cancel, this).create();
            create.setOnDismissListener(this);
            create.show();
        }

        @Override // android.content.DialogInterface.OnClickListener
        public void onClick(DialogInterface dialogInterface, int i) {
            this.mResetConfirmed = i == -1;
        }

        @Override // android.content.DialogInterface.OnDismissListener
        public void onDismiss(DialogInterface dialogInterface) {
            if (!this.mResetConfirmed) {
                CredentialStorage.this.finish();
                return;
            }
            this.mResetConfirmed = false;
            if (!CredentialStorage.this.mUtils.isSecure(UserHandle.myUserId())) {
                new ResetKeyStoreAndKeyChain().execute(new Void[0]);
            } else {
                if (CredentialStorage.this.confirmKeyGuard(1)) {
                    return;
                }
                Log.w(CredentialStorage.TAG, "Failed to launch credential confirmation for a secure user.");
                CredentialStorage.this.finish();
            }
        }
    }

    /* loaded from: input_file:com/android/settings/security/CredentialStorage$ResetKeyStoreAndKeyChain.class */
    private class ResetKeyStoreAndKeyChain extends AsyncTask<Void, Void, Boolean> {
        private ResetKeyStoreAndKeyChain() {
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        public Boolean doInBackground(Void... voidArr) {
            CredentialStorage.this.mUtils.resetKeyStore(UserHandle.myUserId());
            try {
                KeyChain.KeyChainConnection bind = KeyChain.bind(CredentialStorage.this);
                try {
                    try {
                        Boolean valueOf = Boolean.valueOf(bind.getService().reset());
                        bind.close();
                        return valueOf;
                    } catch (Throwable th) {
                        bind.close();
                        throw th;
                    }
                } catch (RemoteException e) {
                    bind.close();
                    return false;
                }
            } catch (InterruptedException e2) {
                Thread.currentThread().interrupt();
                return false;
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        public void onPostExecute(Boolean bool) {
            if (bool.booleanValue()) {
                Toast.makeText(CredentialStorage.this, com.android.settings.R.string.credentials_erased, 0).show();
                CredentialStorage.this.clearLegacyVpnIfEstablished();
            } else {
                Toast.makeText(CredentialStorage.this, com.android.settings.R.string.credentials_not_erased, 0).show();
            }
            CredentialStorage.this.finish();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // androidx.fragment.app.FragmentActivity, androidx.activity.ComponentActivity, androidx.core.app.ComponentActivity, android.app.Activity
    public void onCreate(Bundle bundle) {
        super.onCreate(bundle);
        this.mUtils = new LockPatternUtils(this);
        getLifecycle().addObserver(new HideNonSystemOverlayMixin(this));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // androidx.fragment.app.FragmentActivity, android.app.Activity
    public void onResume() {
        super.onResume();
        Intent intent = getIntent();
        String action = intent.getAction();
        if (((UserManager) getSystemService("user")).hasUserRestriction("no_config_credentials")) {
            finish();
            return;
        }
        if (ACTION_RESET.equals(action) && checkCallerIsSelf()) {
            new ResetDialog();
            return;
        }
        if (ACTION_INSTALL.equals(action) && checkCallerIsCertInstallerOrSelfInProfile()) {
            this.mInstallBundle = intent.getExtras();
        }
        handleInstall();
    }

    private void handleInstall() {
        if (!isFinishing() && installIfAvailable()) {
            finish();
        }
    }

    private boolean installIfAvailable() {
        if (this.mInstallBundle == null || this.mInstallBundle.isEmpty()) {
            return true;
        }
        Bundle bundle = this.mInstallBundle;
        this.mInstallBundle = null;
        int i = bundle.getInt("install_as_uid", -1);
        if (i != -1 && i != 1010 && !UserHandle.isSameUser(i, Process.myUid())) {
            Log.e(TAG, "Failed to install credentials as uid " + i + ": cross-user installs may only target wifi uids");
            return true;
        }
        String string = bundle.getString("user_key_pair_name", null);
        if (TextUtils.isEmpty(string)) {
            Log.e(TAG, "Cannot install key without an alias");
            return true;
        }
        new InstallKeyInKeyChain(string, bundle.getByteArray("user_private_key_data"), bundle.getByteArray("user_certificate_data"), bundle.getByteArray("ca_certificates_data"), i).execute(new Void[0]);
        return false;
    }

    private void clearLegacyVpnIfEstablished() {
        if (VpnUtils.disconnectLegacyVpn(getApplicationContext())) {
            Toast.makeText(this, com.android.settings.R.string.vpn_disconnected, 0).show();
        }
    }

    private void onKeyInstalled(String str, int i, boolean z) {
        if (!z) {
            Log.w(TAG, String.format("Error installing alias %s for uid %d", str, Integer.valueOf(i)));
            finish();
        } else {
            Log.i(TAG, String.format("Successfully installed alias %s to uid %d.", str, Integer.valueOf(i)));
            sendBroadcast(new Intent("android.security.action.KEYCHAIN_CHANGED"));
            setResult(-1);
            finish();
        }
    }

    private boolean checkCallerIsSelf() {
        try {
            return Process.myUid() == ActivityManager.getService().getLaunchedFromUid(getActivityToken());
        } catch (RemoteException e) {
            return false;
        }
    }

    private boolean checkCallerIsCertInstallerOrSelfInProfile() {
        if (TextUtils.equals("com.android.certinstaller", getCallingPackage())) {
            return getPackageManager().checkSignatures(getCallingPackage(), getPackageName()) == 0;
        }
        try {
            int launchedFromUid = ActivityManager.getService().getLaunchedFromUid(getActivityToken());
            if (launchedFromUid == -1) {
                Log.e(TAG, "com.android.credentials.INSTALL must be started with startActivityForResult");
                return false;
            }
            if (!UserHandle.isSameApp(launchedFromUid, Process.myUid())) {
                return false;
            }
            UserInfo profileParent = ((UserManager) getSystemService("user")).getProfileParent(UserHandle.getUserId(launchedFromUid));
            return profileParent != null && profileParent.id == UserHandle.myUserId();
        } catch (RemoteException e) {
            return false;
        }
    }

    private boolean confirmKeyGuard(int i) {
        return new ChooseLockSettingsHelper.Builder(this).setRequestCode(i).setTitle(getResources().getText(com.android.settings.R.string.credentials_title)).show();
    }

    @Override // androidx.fragment.app.FragmentActivity, androidx.activity.ComponentActivity, android.app.Activity
    public void onActivityResult(int i, int i2, Intent intent) {
        super.onActivityResult(i, i2, intent);
        if (i == 1) {
            if (i2 == -1) {
                new ResetKeyStoreAndKeyChain().execute(new Void[0]);
            } else {
                finish();
            }
        }
    }
}
